Review the Role of the Federation Server in the Resource Partner Organization
Applies To: Windows Server 2008
A federation server in the resource partner validates the security tokens that are issued by the federation server in the account partner. A federation server in the resource partner also issues security tokens that are sent to the Web-based applications in the resource partner. In addition, a federation server in the resource partner issues cookies to the user accounts. The cookies come from the account partner. These cookies enable single-sign-on (SSO) capabilities so that users do not have to log on again at the federation server in the account partner when the users attempt to access different Web-based applications in the resource partner.
Note
To turn a computer into a federation server in the resource partner organization, you must first join the computer to any Active Directory domain in the resource partner organization. However, in scenarios in which the resource partner will use an AD FS-enabled Web server to host a Windows NT token–based application, you must join the federation server to a domain in the same forest as the AD FS-enabled Web server.
In the Web SSO design, at least one federation server must be installed in the protected network. In the Federated Web SSO design and the Federated Web SSO with Forest Trust design, there must be at least one federation server in the account partner and at least one federation server in the resource partner.